2a12ee2077b558d0c157c904c668ce80_JaffaCakes118 | Triage

Sharing

General

Target

2a12ee2077b558d0c157c904c668ce80_JaffaCakes118
Size

10KB
MD5

2a12ee2077b558d0c157c904c668ce80
SHA1

969942ef01e1c44b5bbff0ba8a08fc073e4afc90
SHA256

34b7e2678d57074094f80ccbda048d8f755d294ae445a98d638271af533feae8
SHA512

0200572c0c9803a9471783ee000cc7df52b46b17a91f3a5a8eb598f7bcdd493002ed7be9e916957f14a18cd31f51c2715e302fa35cd29e6e54134c679275ff94
SSDEEP

192:/Tptpvvj8hPmLn1CQ50FxO4cYKJ49ooaoCF5Q4:/T+lsyFxO4XKJ49oFt5Q4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a12ee2077b558d0c157c904c668ce80_JaffaCakes118

Files

2a12ee2077b558d0c157c904c668ce80_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c0ca8fb524d53a294a75f3adfde9e816

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
ExitProcess
GetModuleFileNameA

user32

MessageBoxA

Sections

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_rsc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ